layout to consensus

Cargo.lock

@@ -101,6 +101,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 name = "bitcrypto"
 version = "0.1.0"
 dependencies = [
+ "bn 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "primitives 0.1.0",
  "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
  "siphasher 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -746,6 +747,7 @@ dependencies = [
 name = "network"
 version = "0.1.0"
 dependencies = [
+ "bitcrypto 0.1.0",
  "chain 0.1.0",
  "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "primitives 0.1.0",
@@ -1467,7 +1469,6 @@ version = "0.1.0"
 dependencies = [
  "bitcrypto 0.1.0",
  "blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc.git?branch=persona)",
- "bn 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "byteorder 1.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "chain 0.1.0",
  "db 0.1.0",

crypto/Cargo.toml

@@ -7,3 +7,4 @@ authors = ["debris <marek.kotewicz@gmail.com>"]
 rust-crypto = "0.2.36"
 siphasher = "0.1.1"
 primitives = { path = "../primitives" }
+bn = "0.4"

crypto/src/lib.rs

@@ -1,6 +1,9 @@
 extern crate crypto as rcrypto;
 extern crate primitives;
 extern crate siphasher;
+extern crate bn;
+
+mod pghr13;
 
 pub use rcrypto::digest::Digest;
 use std::hash::Hasher;
@@ -10,6 +13,11 @@ use rcrypto::ripemd160::Ripemd160;
 use siphasher::sip::SipHasher24;
 use primitives::hash::{H32, H160, H256};
 
+pub use pghr13::{
+	VerifyingKey as Pghr13VerifyingKey, Proof as Pghr13Proof, verify as pghr13_verify,
+	G1, G2, Fr, Group,
+};
+
 pub struct DHash160 {
 	sha256: Sha256,
 	ripemd: Ripemd160,

crypto/src/pghr13.rs

@@ -0,0 +1,54 @@
+pub use bn::{Fr, G1, G2, Group};
+use bn::pairing;
+
+#[derive(Clone)]
+pub struct VerifyingKey {
+	pub a: G2,
+	pub b: G1,
+	pub c: G2,
+	pub z: G2,
+	pub gamma: G2,
+	pub gamma_beta_1: G1,
+	pub gamma_beta_2: G2,
+	pub ic: Vec<G1>,
+}
+
+impl ::std::fmt::Debug for VerifyingKey {
+    fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
+		write!(f, "[Verifying Key: TODO]")
+	}
+}
+
+#[derive(Clone)]
+pub struct Proof {
+	pub a: G1,
+	pub a_prime: G1,
+	pub b: G2,
+	pub b_prime: G1,
+	pub c: G1,
+	pub c_prime: G1,
+	pub k: G1,
+	pub h: G1,
+}
+
+pub fn verify(vk: &VerifyingKey, primary_input: &[Fr], proof: &Proof) -> bool {
+	let p2 = G2::one();
+
+	// 1. compute accumulated input circuit (evaluate the polynomial)
+	let mut acc = vk.ic[0];
+	for (&x, &ic) in primary_input.iter().zip(vk.ic[1..].iter()) {
+		acc = acc + (ic * x);
+	}
+
+	// 2. check validity of knowledge commitments for A, B, C:
+	pairing(proof.a, vk.a) == pairing(proof.a_prime, p2) &&
+	pairing(vk.b, proof.b) == pairing(proof.b_prime, p2) &&
+	pairing(proof.c, vk.c) == pairing(proof.c_prime, p2) &&
+
+	// 3. check same coefficients were used:
+	pairing(proof.k, vk.gamma) ==
+	pairing(acc + proof.a + proof.c, vk.gamma_beta_2) * pairing(vk.gamma_beta_1, proof.b) &&
+
+	// 4. check QAP divisibility
+	pairing(acc + proof.a, proof.b) == pairing(proof.h, vk.z) * pairing(proof.c, p2)
+}

network/Cargo.toml

@@ -8,4 +8,5 @@ lazy_static = "1.0"
 chain = { path = "../chain" }
 primitives = { path = "../primitives" }
 serialization = { path = "../serialization" }
+bitcrypto = { path = "../crypto" }
 rustc-hex = "2"

network/src/consensus.rs

@@ -1,4 +1,4 @@
-use {Network, Magic, Deployment};
+use {Network, Magic, Deployment, crypto};
 
 #[derive(Debug, Clone)]
 /// Parameters that influence chain consensus.
@@ -42,6 +42,24 @@ pub struct ConsensusParams {
 
 	/// Equihash (N, K) parameters.
 	pub equihash_params: Option<(u32, u32)>,
+
+	/// Active key for pghr13 joinsplit verification
+	pub joinsplit_verification_key: crypto::Pghr13VerifyingKey,
+}
+
+fn mainnet_pghr_verification_key() -> crypto::Pghr13VerifyingKey {
+	use crypto::{G1, G2, Group};
+
+	crypto::Pghr13VerifyingKey {
+		a: G2::one(),
+		b: G1::one(),
+		c: G2::one(),
+		z: G2::one(),
+		gamma: G2::one(),
+		gamma_beta_1: G1::one(),
+		gamma_beta_2: G2::one(),
+		ic: Vec::new(),
+	}
 }
 
 impl ConsensusParams {
@@ -66,6 +84,8 @@ impl ConsensusParams {
 				pow_target_spacing: (2.5 * 60.0) as u32,
 
 				equihash_params: Some((200, 9)),
+
+				joinsplit_verification_key: mainnet_pghr_verification_key(),
 			},
 			Network::Testnet => ConsensusParams {
 				network: network,
@@ -86,6 +106,8 @@ impl ConsensusParams {
 				pow_target_spacing: (2.5 * 60.0) as u32,
 
 				equihash_params: Some((200, 9)),
+
+				joinsplit_verification_key: mainnet_pghr_verification_key(),
 			},
 			Network::Regtest => ConsensusParams {
 				network: network,
@@ -106,6 +128,8 @@ impl ConsensusParams {
 				pow_target_spacing: (2.5 * 60.0) as u32,
 
 				equihash_params: Some((200, 9)),
+
+				joinsplit_verification_key: mainnet_pghr_verification_key(),
 			},
 			Network::Unitest => ConsensusParams {
 				network: network,
@@ -126,6 +150,8 @@ impl ConsensusParams {
 				pow_target_spacing: (2.5 * 60.0) as u32,
 
 				equihash_params: None,
+
+				joinsplit_verification_key: mainnet_pghr_verification_key(),
 			},
 		}
 	}

network/src/lib.rs

@@ -4,6 +4,7 @@ extern crate lazy_static;
 extern crate chain;
 extern crate primitives;
 extern crate serialization;
+extern crate bitcrypto as crypto;
 extern crate rustc_hex as hex;
 
 mod consensus;

verification/Cargo.toml

@@ -18,7 +18,6 @@ network = { path = "../network" }
 storage = { path = "../storage" }
 bitcrypto = { path = "../crypto" }
 rustc-hex = "2"
-bn = "0.4"
 
 [dev-dependencies]
 rand = "0.4"

verification/src/lib.rs

@@ -72,8 +72,6 @@ extern crate bitcrypto as crypto;
 #[cfg(test)]
 extern crate db;
 
-extern crate bn;
-
 pub mod constants;
 mod canon;
 mod deployments;
@@ -84,7 +82,6 @@ mod sigops;
 mod timestamp;
 mod work;
 mod work_zcash;
-mod pghr13;
 
 // pre-verification
 mod verify_block;

verification/src/pghr13.rs

@@ -1,47 +0,0 @@
-extern crate bn;
-
-use bn::{pairing, Fr, G1, G2, Group};
-
-struct VerifyingKey {
-	a: G2,
-	b: G1,
-	c: G2,
-	z: G2,
-	gamma: G2,
-	gamma_beta_1: G1,
-	gamma_beta_2: G2,
-	ic: Vec<G1>,
-}
-
-struct Proof {
-	a: G1,
-	a_prime: G1,
-	b: G2,
-	b_prime: G1,
-	c: G1,
-	c_prime: G1,
-	k: G1,
-	h: G1,
-}
-
-fn verify(vk: &VerifyingKey, primary_input: &[Fr], proof: &Proof) -> bool {
-	let p2 = G2::one();
-
-	// 1. compute accumulated input circuit
-	let mut acc = vk.ic[0];
-	for (&x, &ic) in primary_input.iter().zip(vk.ic[1..].iter()) {
-		acc = acc + (ic * x);
-	}
-
-	// 2. check validity of knowledge commitments for A, B, C:
-	pairing(proof.a, vk.a) == pairing(proof.a_prime, p2) &&
-	pairing(vk.b, proof.b) == pairing(proof.b_prime, p2) &&
-	pairing(proof.c, vk.c) == pairing(proof.c_prime, p2) &&
-
-	// 3. check same coefficients were used:
-	pairing(proof.k, vk.gamma) ==
-	pairing(acc + proof.a + proof.c, vk.gamma_beta_2) * pairing(vk.gamma_beta_1, proof.b) &&
-
-	// 4. check QAP divisibility
-	pairing(acc + proof.a, proof.b) == pairing(proof.h, vk.z) * pairing(proof.c, p2)
-}